How do you use CakePHP Auth component across subdomains?

Question

(Using CakePHP) I'm looking to setup a sub-domain for user creation, password changes and credit card information vies...as in:

secure.mydomain.com (https) - User/Create - User/Login - User/UpdateCreditCardInfo

app.mydomain.com (http) - once logged in using the "secure" site, the user will be able to access application specific views

Using the CakePHP Auth component on both my sub-domains...how do I persist the login information when the user is authenticated on "secure" then is redirected to "app" sub-domain?

Answer 1

See: http://book.cakephp.org/view/173/Sessions

To provide a custom configuration, set Session.save Configuration to a filename. CakePHP will use your file in the CONFIGS directory for the settings.

Configure::write('Session.save','my_session');

This will allow you to customize session handling.

// Cookie path is now '/' even if you app is within a sub 
// directory on the domain
$this->path = '/';
ini_set('session.cookie_path', $this->path);

// Session cookie now persists across all subdomains
ini_set('session.cookie_domain', env('HTTP_BASE'));

Answer 2

That's a general problem with cookies. They're only valid within the domain they were set and its subdomains. app.example.com is not a subdomain of secure.example.com, so you can't transition cookies between them.

You can set a cookie at example.com and make it valid for all its subdomains, including app. and secure.. You can then modify the cookie on these subdomains.